In recent years, payments using a credit card instead of cash payments have become widespread, thus avoiding the dangers of carrying large amounts of money in the form of cash. However, theft or forgery of cards is also increasing rapidly and thus suitable countermeasures to this are extremely important. Many solutions have been proposed for ensuring against fraudulent use of stolen and forged credit and cash cards. These solutions include limited withdrawals, time limits for availability of credit cards, duplicate encryption, and identification of card owners, to name a few. Identification is performed by means of PIN codes, fingerprints, one-time passwords, and so on. Still against the increasing of card related crime, these traditional security solutions are insufficient.
Location based authentication (LBA) systems provide an improved solution for preventing fraudulent transactions made using credit or cash cards. Examples of such LBA systems may be found in WO 02/052879 (also published as US 2004/0073519 and WO 03/058936 (also published as US 2004/0242201), published US patent application Nos. US 2003/0135470 and US 2005/0065875 as well as in U.S. Pat. No. 6,097,938, each of which is incorporated herein by reference for their useful background descriptions of the state of the art heretofore. Generally, a LBA system detects fraudulent transactions by verifying the user's presence at the place of transaction. Specifically, the LBA system evaluates the authenticity of a user's requests by retrieving the location of a transmitting and receiving device, such as a mobile phone, carried by the user and comparing it with the location of a point of sale (POS) terminal (or a cash-withdrawal terminal). If the terminal and mobile phone are located within a calculated and acceptable distance the transaction is approved. The location of the user is retrieved from the mobile network while the terminal location is considered fixed.
LBA systems provide a higher level of security over traditional solutions; however, they fail to provide a reliable means of identifying fraudulent transactions. One of many reasons for this inability is that fraud identification is based solely on the geographical distance between the merchant's terminal and the user's mobile phone. In addition, LBA systems are not designed to track changes in merchants' locations or in the coverage of a cellular network. Accordingly, prior art LBA systems typically generate a large number of false alarms and thus cannot be considered a reliable solution for the detection of frauds committed using stolen cards.
It would be, therefore, advantageous to provide an improved LBA system that accurately detects fraudulent transactions It would be further advantageous if the provided system would detect fraudulent transactions based on behavior patterns of cards holders and merchants.